Runback / Documentation

Documentation

Everything you need to instrument an agent, replay an incident, write a policy, and ship with confidence. Covers all editions — Community (free), Starter, Growth, Scale, Pro, and Enterprise.

Tier badges mark which edition a feature requires. See pricing →

#Overview

Runback is an observability and governance platform for AI agents. It captures every LLM call, tool call, and agent step — then lets you re-run any decision from the exact captured context, enforce policies, run regression tests, and export a tamper-evident audit record.

runback.dev/app — Fleet overview dashboard
Fleet overview dashboard

The platform has five layers:

1 · Capture

Instrument with the Runback SDK or send traces via OpenTelemetry. Every span is stored in a Postgres database you own.

2 · Replay

Re-run any step from the exact captured context — tools, retrieval, messages[] held fixed. Root-cause in minutes.

3 · Gate

Write policies as JSON rules. They evaluate on every run in real time and can gate your CI pipeline.

4 · Audit

Any run exports as a signed, re-executable audit record. Deterministic — no model calls required.

5 · Govern

Approvals, incidents, trust chains, and regulatory mappings for teams operating in regulated environments.

#Quick start (5 minutes)

Community

The fastest path: the managed hosted tier. You get a live dashboard in under 5 minutes without running any infrastructure.

1
Create a free account — go to runback.dev/get-started and enter your work email. You'll receive a magic link. Once signed in, click Settings → API Key (SDK) to generate your ingest key.
2
Install the SDK
bash
npm install @runback/sdk
3
Wrap your model call
typescript
import { withDebugger } from "@runback/sdk";
import { generateText, stepCountIs } from "ai";

const dbg = withDebugger(model, {
  runName: "support-agent",
  apiKey: process.env.RUNBACK_API_KEY,
  redact: "standard",
});

const result = await generateText({
  model: dbg.model,
  tools: dbg.tools(myTools),
  stopWhen: stepCountIs(10),
  prompt: userMessage,
});

await dbg.finish({ output: result.text, status: "success" });
4
Set your API key
bash
export RUNBACK_API_KEY=rb_live_your_key_here
5
Run your agent once — open your dashboard. The run appears within seconds.
Prefer a one-liner? Use the quickstart script — installs, configures, and sends a synthetic test run:
curl -fsSL https://runback.dev/api/quickstart | RUNBACK_API_KEY=your_key bash

#Your first run

Once a run lands in your dashboard you can:

  • Click into it — opens the time-travel debugger. Scrub the slider to any step.
  • Switch to Inspect mode — see the raw request/response for any LLM or tool call.
  • Download the audit record — a signed, re-executable bundle. Verifiable at runback.dev/verify.
runback.dev/app — Runs list — every agent decision captured
Runs list — every agent decision captured
The run detail page shows a one-time onboarding guide on first visit. Click Got it to dismiss it and access the full debugger.

#Runs & spans

A run is one end-to-end execution of an agent — from the initial prompt to the final output. A span is a single step within that run: either an LLM call or a tool call.

ObjectWhat it isKey fields
RunOne agent executionrun_id, name, status, input, output, started_at
LLM spanOne model callmodel, messages, response, tokens, latency_ms
Tool spanOne tool calltool_name, input, output, error, policy_block
Audit recordSigned bundle of all spansmerkle_root, signature, re-executable
runback.dev/app — Run detail — trace view with policy block
Run detail — trace view with policy block

Span IDs are stable — the same span replays identically every time, from the recording. No model call required.

#Replay

Runback has two kinds of replay:

Time-travel replay

Rewind any run to any step. The full agent state — every prior tool output, every message in context — is reconstructed from the recording. Deterministic, offline, no model calls.

Community+
Step replay

Re-execute a specific LLM call with a different model or prompt. Runback freezes the recorded inputs and makes a fresh call to the model you choose. Use it to bisect which model change caused a regression.

Pro+
runback.dev/app — Time-travel replay — scrub any step
Time-travel replay — scrub any step

#Policies

A policy is a JSON array of rules evaluated against every run. Rules can assert (flag a violation) or require (block the run if triggered).

json
[
  {
    "id": "no-large-disputed-refund",
    "kind": "require",
    "description": "Disputed refunds over $100 must be escalated, not auto-issued",
    "when": {
      "on": "tool_call",
      "tool": "issue_refund",
      "and": [
        { "field": "input.amount", "op": "gt", "value": 100 },
        { "field": "run.tags.disputed", "op": "eq", "value": true }
      ]
    },
    "action": "block"
  }
]
runback.dev/app — Policies — governance as code
Policies — governance as code
Policies are versioned. Simulate a new policy against your run history before activating it — no live traffic needed.

#Evals & CI gate

Community

Evals test your agent on a fixed dataset. The CI release gate fails a build if a new model or prompt causes a regression against your golden tests.

runback.dev/app — Evals — run your agent against a dataset
Evals — run your agent against a dataset
1
Create a dataset — a list of input/expected pairs in your dashboard.
2
Run evals via the CLI or API — Runback executes your agent against each input and scores the output.
3
Add the release gate to CI. It fails the build if the eval score drops below your threshold.
yaml
# .github/workflows/ci.yml
- name: Runback eval gate
  run: npx runback eval run --dataset my-dataset --threshold 0.9
  env:
    RUNBACK_API_KEY: ${{ secrets.RUNBACK_API_KEY }}

#Golden test suite

Growth

The golden suite automatically mines your production incident runs into regression tests. Every run that triggered a policy violation or was marked as a failure is surfaced for review and approval as a golden test.

runback.dev/app — Golden suite — incidents auto-mined into tests
Golden suite — incidents auto-mined into tests
Golden tests compound. After 30 days of production usage, most teams have 50–200 real edge-case tests they never had to write.

#Approvals

Starter

When a policy flags a violation (action: flag), team members can review and decide on the incident before the agent is permitted to continue or the run is marked resolved. Approvals are the human-in-the-loop gate for policy violations.

How it works

A flagged run creates a pending approval. Approvers (team members with the approve permission) see it in Approvals and can approve or reject with a note. The decision is sealed into the run record.

The audit trail

Every approval decision (who decided, when, with what note) is appended to the run's tamper-evident record. The chain covers both the agent's decision and the human decision.

typescript
// Mark a run as requiring approval via the API
POST /api/approvals
{
  "run_id": "run_abc123",
  "policy_id": "no-large-disputed-refund",
  "reason": "Disputed $250 refund — requires senior review"
}

// Get pending approvals
GET /api/approvals?status=pending
Configure which policies trigger approvals in Policies → Policy settings. You can require approval for any flag-level violation.

#Incidents

Growth

An incident is a structured record of an agent failure or policy breach — separate from the run itself. Incidents track status (open → investigating → resolved), timeline, and linked runs.

StatusMeaning
openIncident created, not yet assigned or being investigated
investigatingA team member is actively looking into the root cause
resolvedRoot cause identified, fix deployed, golden test added
typescript
// Create an incident from a run
POST /api/incidents
{
  "run_id": "run_abc123",
  "title": "Refund agent bypassed $100 limit",
  "severity": "high"
}

// Update status
PATCH /api/incidents/:id
{ "status": "resolved", "resolution": "Policy updated, golden test enrolled" }

From any run detail page, use the Open incident button to create a linked incident in one click. The incident page shows the full run, the policy violation, the approval history, and the timeline.

#Inter-agent trust chain

Pro

In multi-agent systems, a subagent receiving instructions from an orchestrator has no cryptographic proof the orchestrator is who it claims to be, or that the scope of the delegation hasn't been widened in transit. Runback's trust fabric seals every delegation edge.

Delegation tokens

Every orchestrator→subagent call produces an HMAC-SHA256 attestation token. The token carries the calling agent, called agent, depth, permitted scope, and a hash of the parent token.

Chain verification

The full chain from root to leaf exports as a signed artifact. POST it to /api/trust/verify — or re-derive the HMAC yourself. No Runback account needed.

typescript
// Issue a delegation token (orchestrator → subagent)
POST /api/trust/chain
{
  "parent_run_id": "run_orchestrator_abc",
  "child_agent": "kyc-subagent",
  "scope": "read:customer",
  "depth": 1
}

// Verify the full chain
POST /api/trust/verify
{
  "chain": [ /* array of attestation tokens */ ]
}

// Response: { valid: true, depth: 2, root: "loan-orchestrator", ... }
Trust chain verification requires the HMAC signing key configured at deployment time. Self-hosted deployments set AUDIT_SIGNING_KEY in their environment.

#Vercel AI SDK

Community

The deepest integration — full context capture, in-process PII redaction, step replay, and typed tool wrappers. About 3 lines of change to an existing agent.

typescript
import { withDebugger } from "@runback/sdk";
import { generateText, stepCountIs } from "ai";

// 1. Wrap your model and tools
const dbg = withDebugger(model, {
  runName: "customer-support",
  apiKey: process.env.RUNBACK_API_KEY,
  redact: "standard",      // "none" | "standard" | "aggressive"
  tags: { env: "prod" },
});

// 2. Use dbg.model and dbg.tools — drop-in replacements
const result = await generateText({
  model: dbg.model,
  tools: dbg.tools(myTools),
  stopWhen: stepCountIs(10),
  prompt: task,
});

// 3. Finish the run
await dbg.finish({ output: result.text, status: "success" });

// On error:
// await dbg.finish({ status: "error", error: err });

Redaction levels:

LevelWhat it strips
noneNothing — full fidelity capture
standardEmail, phone, SSN, card numbers, API keys, IP addresses
aggressiveAll of standard + names, addresses, dates, numeric IDs

#OpenTelemetry (any framework)

Community

Any framework that emits OpenTelemetry GenAI spans works with Runback. Set three environment variables and your traces flow in automatically.

bash
OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=https://runback.dev/api/otel/v1/traces
OTEL_EXPORTER_OTLP_TRACES_PROTOCOL=http/json
OTEL_EXPORTER_OTLP_TRACES_HEADERS=authorization=Bearer <RUNBACK_API_KEY>
Replace RUNBACK_API_KEY with the key from your dashboard. Self-hosted deployments use your own base URL instead of runback.dev.

#Python — OpenAI / Anthropic

Community

Use OpenLLMetry (Traceloop) to auto-instrument the official Python SDKs.

bash
pip install traceloop-sdk
python
from traceloop.sdk import Traceloop

Traceloop.init(
    api_endpoint="https://runback.dev/api/otel",
    headers={"authorization": "Bearer " + os.environ["RUNBACK_API_KEY"]},
)

# All openai.chat.completions.create() and
# anthropic.messages.create() calls are now traced.

#LangChain, LangGraph, CrewAI, LlamaIndex

Community

Use OpenInference or OpenLLMetry instrumentors, then point the OTLP exporter at Runback via the env vars above.

bash
# LangChain / LangGraph
pip install openinference-instrumentation-langchain opentelemetry-exporter-otlp-proto-http
# LangChainInstrumentor().instrument()

# CrewAI
pip install traceloop-sdk
# Traceloop.init(...) — CrewAI spans flow straight in

# LlamaIndex
pip install openinference-instrumentation-llama-index
# LlamaIndexInstrumentor().instrument()
Set the three OTEL_* environment variables in the same shell before running.

#Environment variables

VariableRequiredDescription
RUNBACK_API_KEYYesYour API key. Prefix rb_live_ for production, rb_test_ for test.
RUNBACK_BASE_URLNoOverride the ingest endpoint. Required for self-hosted deployments.
RUNBACK_DISABLEDNoSet to 1 to disable all capture (useful in local dev or unit tests).
RUNBACK_DEMO_MODENoSelf-host only. Set to 1 to disable real model calls in replay/evals.

#Time-travel replay

Community

Open any run and drag the timeline slider. Runback reconstructs the exact agent state at every step — the full message history, every prior tool output, what the model knew at that moment — without making a single model call.

runback.dev/app — Time-travel replay — agent state at each step
Time-travel replay — agent state at each step

Controls:

  • Drag the slider to scrub to any step
  • / step backward and forward one span at a time
  • Click any span in the transcript to jump directly to that step
  • Switch to Inspect mode to see the raw request/response JSON for any step

#Step replay

Pro

Re-run a specific LLM call from a run with a different model. Runback freezes the recorded inputs (system prompt, message history, tool definitions) and makes a fresh call to the model you choose. The result is compared side-by-side with the original.

Use this to:

  • Verify that switching to a cheaper model doesn't change behaviour on historical incidents
  • Bisect which model or prompt change caused a regression
  • Build a counterfactual — “what would the agent have done if I'd used GPT-4o mini here?”

#Fleet benchmarks

Pro

The Benchmarks page compares your fleet's error rate, latency, and token spend against anonymised aggregate data from peer organisations in the same vertical. Percentile bands (p25, p50, p75, p95) let you see where your fleet stands relative to comparable deployments.

MetricWhat it shows
Error rate% of runs ending in error vs. peer p50/p75
Latency (p95)Your 95th-percentile run duration vs. peer distribution
Token spend / runAverage tokens consumed per run vs. vertical peers
Policy block rate% of runs blocked by governance rules vs. peer fleet
Peer data is anonymised and aggregated — no individual organisation's data is attributable. Opt-out is available in Settings → Data sharing.

#Fleet topology

Scale

The Topology view renders your entire agent fleet as a live DAG — orchestrators at the top, subagents and tools at the leaves. Each node shows its call volume, error rate, and token spend. Click a node to drill into its runs.

Use topology to:

  • Identify which subagent is the source of a systemic failure
  • Spot unexpected delegation chains (orchestrator calling an agent it shouldn't)
  • See token spend distribution across the fleet at a glance
Topology updates in real time during a run — watch the flame graph as each agent executes.

#Writing policies

Community

Policies live in your dashboard under Policies. Each policy has a name, a version, and an array of rules.

runback.dev/app — Policies — write and version governance rules
Policies — write and version governance rules

Rule fields:

FieldValuesDescription
kindrequire / assertrequire = block the run if triggered. assert = flag a violation but let the run continue.
ontool_call / llm_call / run_endWhich event type triggers evaluation.
whenJSON condition objectField path, operator, and value. Supports and / or / not nesting.
actionblock / flag / alertblock stops execution. flag records a violation. alert also fires your alert rules.

Operators: eq ne gt gte lt lte contains starts_with exists

Use Policy simulation (Scale+) to test a new policy against your last 30 days of run history before activating it.

#Policy causes

Scale

The Policy causes page shows a heat map of which policy × agent pairs produce the most blocks. It answers: “which agent is firing this rule most, and is it getting better or worse?”

ColumnWhat it shows
Block rateFraction of runs blocked by this policy/agent pair
Trend↑ worse / ↓ better vs. prior 30-day window
Total blocksAbsolute count over the selected window

The heat map intensifies as block rate increases — zero is transparent, >20% is rose. Use it to identify policies that need rule refinement or agents that need prompt changes.

#PII redaction

Community

PII redaction runs in-process — inside your application, before any data leaves to Runback. The raw values are never stored anywhere outside your process.

Standard redaction strips: email addresses, phone numbers, SSNs, credit card numbers, API keys, bearer tokens, IP addresses, and common secret patterns.

Redacted values are replaced with a deterministic placeholder like [redacted:email] so the structure of the trace is preserved for replay.

Redaction applies to string values only. If your agent embeds PII inside structured JSON objects, use aggressive redaction or implement a custom redactor via the SDK.

#Cost attribution

Scale

The Cost page breaks down your AI spend by model and agent over any time window. The Cost → Teams view shows spend per team with budget tracking and alert thresholds.

runback.dev/app — Cost attribution — spend by model and agent
Cost attribution — spend by model and agent

Cost data is derived from captured token counts in every LLM span. No billing integration required.

#Signed audit records

Community

Every run can be exported as a signed audit record — a JSON bundle containing all spans, a Merkle root over the span tree, and a cryptographic signature. Verifiable independently at runback.dev/verify without trusting Runback.

bash
# Download via API
curl -H "Authorization: Bearer $RUNBACK_API_KEY" \
  https://runback.dev/api/runs/{run_id}/audit > audit.json

# Verify locally
npx runback verify audit.json

#Regulatory dashboard

Enterprise

The Regulatory page maps your live run data to framework controls — EU AI Act Annex III, APRA CPS 230, and NIST AI RMF. Each control shows whether it's satisfied, partially covered, or missing evidence, based on your actual captures.

FrameworkControls mapped
EU AI Act Art. 12Logging and traceability — tamper-evident decision record
APRA CPS 230Operational risk, continuous monitoring, incident management
NIST AI RMFGovern, Map, Measure, Manage — live status per function
ISO/IEC 42001AI management system — evidence export for auditors
The regulatory dashboard is evidence support — it is not a compliance certificate. Your legal or compliance team must assess whether the evidence satisfies your specific obligations.

#Team chargeback

Enterprise

The Chargeback page breaks AI spend down to the team level, with monthly budget caps and automated alerts when a team approaches or exceeds its cap.

FeatureDescription
Per-team spendToken cost attributed to each team over a rolling 30-day window
Budget capsSet a monthly spend limit per team; alerts fire at 80% and 100%
Overage enforcementOptional: block ingest for a team that exceeds its cap until the next month
CSV exportExport the period report for internal billing or departmental chargebacks

Configure team budgets under Settings → Teams → Budget. Spend is derived from captured token counts — no billing integration required.

#Compliance export

Enterprise

The Compliance export generates a structured evidence package for auditor and regulator submissions. The package contains a signed, time-stamped summary of your governance posture — not a self-assessment, but a machine-generated artifact backed by your actual run data.

What the export includes:

  • Policy inventory: all active rules, their versions, and block/flag counts over the audit period
  • Incident log: every opened incident, its resolution, and the run record it links to
  • Model change history: every model upgrade event and the CI gate result that preceded it
  • Merkle-rooted ledger checkpoint: proof that the audit period record is complete and unaltered
Compliance export is evidence support — it is not a certification. Your legal or compliance team must assess whether the evidence satisfies your specific framework obligations.

#CI release gate

Community

Add the release gate to your CI pipeline. It runs your eval suite and fails the build if any golden test regresses beyond your threshold.

yaml
# GitHub Actions
- name: Runback release gate
  uses: letsRunback/runback-action@v1
  with:
    api-key: ${{ secrets.RUNBACK_API_KEY }}
    dataset: golden
    threshold: 0.95
    model: gpt-4o-mini
yaml
# Or via CLI
- run: npx runback eval run --dataset golden --threshold 0.95
  env:
    RUNBACK_API_KEY: ${{ secrets.RUNBACK_API_KEY }}
The CI gate is most powerful when seeded by production incidents — use the Golden suite to auto-mine them.

#Golden test suite

Growth

The golden suite automatically promotes production failures into regression tests.

runback.dev/app — Golden suite — review and approve incident-mined tests
Golden suite — review and approve incident-mined tests
1
Runback identifies runs that triggered a policy violation, had a non-zero error count, or were manually flagged.
2
They appear in Golden in your dashboard. You inspect, label, and approve (or reject) each candidate.
3
Approved candidates are added to your golden dataset. The CI gate runs against them on every build.
4
Each new incident adds more tests. Coverage compounds without manual effort.

#Requirements

Community

Runback is a standard Next.js app backed by a Postgres database. No exotic infrastructure.

ComponentMinimumRecommended
Node.js20 LTS22 LTS
Postgres1416 (Supabase, RDS, Cloud SQL)
RAM512 MB2 GB
CPU1 vCPU2 vCPU
Disk10 GB50 GB (depends on run volume)
For production self-hosting, use a managed Postgres service. SQLite is not supported.

#Docker Compose

Community

The fastest self-host path. Spins up the app and a local Postgres in two commands.

bash
# 1. Clone the repo
git clone https://github.com/letsRunback/runback.git
cd runback

# 2. Copy and fill in the env file (set AUDIT_SIGNING_KEY and JWT_SECRET at minimum)
cp .env.example .env && $EDITOR .env

# 3. Start
docker compose up -d

# App is now at http://localhost:3000

Postgres is bundled — no external database required. For production, override POSTGRES_PASSWORD in .env and point NEXT_PUBLIC_APP_URL at your domain.

#Environment variables (self-hosted)

Community
VariableRequiredDescription
AUDIT_SIGNING_KEYYesHMAC key for tamper-evident audit records. Generate: openssl rand -hex 32
JWT_SECRETYesSigns PostgREST session tokens. Generate: openssl rand -hex 32
POSTGRES_PASSWORDYesPostgres password. No default — must be set in .env before docker compose up.
NEXT_PUBLIC_APP_URLProductionYour public base URL. e.g. https://runback.yourco.com
RUNBACK_LICENSEEnterpriseLicense key for Enterprise features (SSO, fleet dashboard, etc.).
RUNBACK_DEMO_MODENoSet to 1 to disable real model calls in replay/evals.
RESEND_API_KEYNoResend API key for magic-link email auth.
OPENAI_API_KEYNoOnly needed for live step-replay & LLM eval judges.

#Upgrading

Community

SQL migrations run automatically on startup — no manual steps required.

bash
# Docker Compose
docker compose pull
docker compose up -d

# Migrations run automatically on boot.
# Downtime: typically under 5 seconds for minor releases.
Before upgrading across a major version, read the release notes — major versions may include breaking schema changes that require a one-time migration step.

#Authentication

All API requests require a Bearer token in the Authorization header.

bash
curl -H "Authorization: Bearer rb_live_your_key" \
  https://runback.dev/api/runs

API keys are created in your dashboard under Settings → API Key (SDK). Keys are prefixed rb_live_ for production and rb_test_ for test.

#Runs API

MethodPathDescription
GET/api/runsList runs. Query params: limit, offset, status, agent_name, from, to.
GET/api/runs/:idGet a single run with all spans.
POST/api/runs/:id/replayTrigger a step replay. Body: { span_id, model }.
GET/api/runs/:id/auditDownload the signed audit record as JSON.
GET/api/runs/:id/cassetteDownload the re-executable cassette bundle.
bash
# List the last 10 failed runs
curl -H "Authorization: Bearer $KEY" \
  "https://runback.dev/api/runs?status=error&limit=10"

# Download audit record
curl -H "Authorization: Bearer $KEY" \
  "https://runback.dev/api/runs/run_abc123/audit" > audit.json

#Approvals & Incidents API

Starter
MethodPathDescription
GET/api/approvalsList approvals. Query: status=pending|approved|rejected
POST/api/approvalsCreate an approval request for a run.
PATCH/api/approvals/:idApprove or reject. Body: { decision, note }
GET/api/incidentsList incidents. Query: status=open|investigating|resolved
POST/api/incidentsCreate an incident linked to a run.
PATCH/api/incidents/:idUpdate incident status or resolution.

#Audit API

Audit records are self-contained signed JSON bundles. To verify a record without trusting Runback:

bash
# Verify with the CLI
npx runback verify ./audit.json

# Output: OK  root=abc123...  signature=valid  spans=14

The CLI recomputes the Merkle tree from the raw span data and checks it against the root in the record. The signature is an HMAC-SHA256 signature verifiable with your own key.

#Trust chain API

Pro
MethodPathDescription
POST/api/trust/chainIssue a delegation token from orchestrator to subagent.
POST/api/trust/verifyVerify a trust chain. Returns: valid, depth, root, chain.

#Webhooks

Starter

Runback can POST a JSON payload to any URL when a run ends or a policy is triggered.

EventWhen it fires
run.completedAny run finishes (success or error)
run.errorA run ends with status = error
policy.blockA policy rule fires with action = block
policy.flagA policy rule fires with action = flag
approval.createdAn approval request is created
incident.openedA new incident is opened
json
// Example payload — policy.block
{
  "event": "policy.block",
  "run_id": "run_abc123",
  "policy_id": "no-large-disputed-refund",
  "tool": "issue_refund",
  "blocked_at": "2026-07-01T14:22:01Z"
}

Configure webhooks in your dashboard under Alerts → Webhooks. HMAC-SHA256 request signing is enabled by default.

#Rate limits

LimitCommunityStarterGrowthScaleProEnterprise
Ingest — spans/sec502005001,0002,000Custom
API reads — req/min603006009001,200Custom
Replay — per hour1050100200500Custom
Eval runs — per day520100200500Custom
Audit exports — per day10502005001,000Custom
Rate limit headers on every API response: X-RateLimit-Limit X-RateLimit-Remaining X-RateLimit-Reset. Requests over the limit return 429 Too Many Requests.